• 200 million attempted M+E attacks in 2018
  • Feb 2019 620 million data records breached
  • Tech enabling sophisticated cyber attacks

Cyber security

NAB 2019: Online streaming services were targeted in major credential stuffing attacks 30 billion times last year according to a new report by Akamai. 

Three of the largest attacks in 2018 were against online video and music streaming services.

Credential stuffing is where cyber attackers tap automated tools to use stolen login information to attempt to gain access to user accounts on other online sites, on the assumption that consumers use the same login and password for multiple services.

Akamai’s State of the Internet / Security: Credential Stuffing: Attacks and Economies – Special Media Report, released this week during the NAB Show, highlighted that media organisations, gaming companies and the entertainment industry are the biggest targets of credential stuffing attacks.

Akamai director of security technology and strategy Patrick Sullivan unveiled the new research during the NAB Cybersecurity and Content Protection Summit. He said: “Hackers are very attracted to the high profile and value of online streaming services.”

In February this year the video media sector alone saw its largest attack at the same time as a reported data breach, with 620 million usernames, passwords and other records obtained from 16 organisations listed on the darknet.

Stolen credentials can be used for a host of illicit purposes, not the least of which is enabling non-subscribers to view content via pirated streaming accounts. Compromised accounts are also sold, traded or harvested for various types of personal information, and they are often available for purchase in bulk on the Dark Web, according to Akamai researchers.

Sullivan added: “Educating subscribers on the importance of using unique username and password combinations is one of the most effective measures businesses can take to mitigate credential abuse.

“The good news is that organisations are taking the threat seriously and investigating security defences.”

Akamai has previously published that media, gaming and entertainment companies saw 11.6 billion attacks between May and December 2018.

The report highlighted how there are readily accessible online video tutorials that provide step-by-step instructions for executing credential stuffing attacks, including using all-in-one applications to validate stolen or generated credentials.

It also listed the US as the top country of origin for the attacks, followed by Russia and Canada, while the US is also the top target, followed by India and Canada.

Cyber security = New threats

Opening the Cybersecurity and Content Protection Summit keynote, retired US Navy Rear Admiral and former chief of the Federal Communication Commission’s (FCC) Public Safety and Homeland Security Bureau David Simpson told delegates if content is king, it needs to be protected as such.

“Broadcast content will now be exposed to threat vectors from the surrounding ecosystem, and information sharing between industry verticals will grow in importance.”

Simpson explained the onus lies with media and entertainment companies to confront the new threats from new technologies.

Forming a common language from which to discuss cyber risk, understand security gaps and have a bias when it comes to new technology are key to mitigating risk along with a diverse cyber defence team and cyber information sharing networks.

Simpson added: “Cybersecurity increasingly has become a team sport, and this is an interconnected, inter-dependent landscape going forward.”